U.S. Department of Interior Ordered Offline
The whole of the U.S. Department of Interior has been forced off of the internet as a result of a court case, Cobell v. Babbitt. This was the result of compromises with the Microsoft Windows servers. A judge decided to take the whole of the organization down. Should this judge have this much power? Info here on the Indian trust web site. This includes the BLM, USGS and the Park Service. Staggering, really. CD: Hold off on the blaming of MS, it's still not clear.
Well at least there is one competent judge in the US. Personally this decision makes a lot of sense, as in previously posted... if you can't keep confidential information confidential then you shouldn't have the information. All in all a good decision. I wonder how this affects Microsoft? Maybe now they'll get their collectively large asses moving and fix those damn security issues before each major release so we don't have to go updating to Microsoft Windows Service Pack 143.
can't sleep slashdot will eat me
Of course the judge should have this much power.. it's what we called a "check" in civics class. The executive branch is sucking, and nobody could make it stop sucking if the judicial branch had no power.
Yeah, judges should be limited to minor things like imprisoning human beings and deciding how to preserve our fundamental rights. No way should they be able to pull the plug on a bunch of machines.
It may seem a bit extreme to make the ruling so pervasive, but then again that may be the only way to get those brain-dead govt managers to create a real system (like perhaps without MS software to start).
What's irresponsible is that the systems holding this accounting data should be on the internet at all, and to make it worse, entangled to such a degree with other Interior systems that it makes them have to take down the *USGS*? WTF?
I agree. Think of it like a bank.
If a bank was FDIC insured, and their physical security was absolutely horrible, then the government would yank the insurance and effectively shut the bank down. Fortunately for the banks, the government isn't competent enough to rate their Internet security as they are the physical and fiscal security.
If no one ever lays the hammer down on something like this, people will never start to equate online security with the physical security they take for granted. And much better for the government to start policing itself before it makes more noises about policing the rest of us.
Yes, absolutely, a Federal Judge should have this much power. It's one of the best checks against the possibility of tyranny.
Since the Executive and Legislative branches of government routinely ignore the U.S. Constitution, it is extremely important that we can count on the check of the Judiciary.
Wikia
"In a sweeping action with far-reaching but unclear ramifications, U.S. District Judge Royce Lamberth granted the emergency request, which was brought on behalf of 300,000 American Indians whose assets are housed on a computer infrastructure so easily penetrable that a court investigator and his team of security experts were able to break in and repeatedly access, modify and even create trust data -- all without raising a response from the government."
/. wants to see liability extended to the same absurd levels of product and contingent liability that have been demonstrated in the McDonalds and other Python-esque liability cases, BUT...
it's actually well past time for the courts to hold organizations whose systems are busted by 12 year old scriddies running "canned scripts" from Toolz sites
how would you feel if this were your family's or your company's sensitive and/or private information??? Information about your 502 or your daughter's rape, or your son's juvenile arrest for possessing underage TeleTubbie Pr0n?
"Coupled with the judge's action were criticisms from members of Congress about the security failures. "The GAO told us five years ago that the fund was in shambles," said Rep. Jim Hansen (R-Utah,) chairman of the House Resources Committee, which has jurisdiction over Indian affairs. "Now we learn that a computer security system deployed in 1999 is virtually worthless," he said."
i don't think anyone on
...isn't it about time the direct creators, distributors and managers of dangerously insecure computer systems have at least SOME small legal responsibility (and limited accompanying monetary liability)????
If the facts on the Indian Trust website ARE true, DOI (and Congress) have long been aware of the problems and have been ducking the bullet on fixing it...if this were my money/info, I'd sure be upset...
Ten quid, she's so easy to blind. And not a word is spoken...
The site www.doi.gov is running Apache/1.3.12 (Unix) on Solaris.
The site www.blm.gov is running Apache/1.3.22 (Unix) PHP/4.0.6 on unknown.
The site www.nps.gov is running Netscape-Enterprise/4.1 on Solaris.
Oh, and nps is still up....
But if the credentialing scheme in place depends on Windows frontend servers being secure, you can damn well better bet that it will be dutifully serving up data to the wrong party.
Can't do much about that. I don't perform ANY core business functions on Microsoft server software, their history of getting brutally hacked and denying it is far too pervasive. (Yes, Sun and IBM are terrible too. Frankly, Red Hat and the OpenBSD Project are valuable to me not because they're "perfect", but because they're honest and prompt when they fuck up! I cut both organizations a new check every 6 months of my own free will, NOT because they try and force my company to. The checks come out of my after-tax salary; as far as I know the company has never paid a dime for either project's media.)
The consultants were probably lazy too, but don't get too overzealous to defend the most probable point of entry. I am somewhat less than surprised that a large gov't agency would screw up like this, although most of the dep'ts I work with at least have the sense to retain solid IT security consultants (I've met some very competent Lockheed employees, for example; I have no idea who was at fault in this incident).
Remember that what's inside of you doesn't matter because nobody can see it.
I used to work for the USGS as a student employee in their computer services dept. Lack of security and competent network administration would be too kind for me to say. Stupidity like, each and every government computer has a public IP address, regardless if it is serving up web services. NT4 servers running with service pack four. And worse yet, users with full admin rights on their PCs, installing software and changing settings that could open them up for god knows what.
You know.. I just thought of something. There is the WayBack Machine which lets you get past copies of ANY website. Do you think one could get a copy of the DOI and get cached copies of the data, or some such stuff?
One good whore deserves another, I suppose.
The power of judicial review is not "ignoring the law". Judicial review is the power to say that a given law violated the terms of another, "higher" law -- in the US, that's the Constitution. A judge cannot (or at least should not) choose to ignore a law on the basis of "I just don't like it".
The power the judge is exercising in this case, is the ability for a judicial or quasi-judicial authority (ie: a congressional committee) to hold someone in contempt. When one violates the order of a judge in a given situation -- that is, a case is brought before him/her, and in the course of that proceeding orders a certain thing to be done, or not be done -- and that order is violated, they can be held until such time as they satisfy the judge that they will comply, or until suitably punished. Yes, the power of holding someone in contempt is broad, with only the barest hint of restraint (many jurisdictions only allow someone to be held on contempt for a year or less).
This says nothing of the laws themselves -- where one is charged, tried, and formally sentenced to a given term in accordance with the law violated.
To get success, you have to hire just enough good people, pay them well enough that they don't have to worry about the bills, and help them build a success-centered culture. Well-paid people with practically guaranteed jobs who go on strike do not constitute such an organization.
OTOH, when I want money I ask for it, and if I don't get it I go elsewhere if the market lets me. I do not -- and would *never* -- collude with my fellows to put clients/employers in a position where they have to knuckle under to me or go out of business. If those teachers in NJ were truly not being paid enough, they could go into business for themselves and people would line up to pay them better.
I swear, this is the last I'm posting in this thread.
-- ;-)
Kuro5hin.org: where the good times never end.
> it's irresponsible because anyone could easily open my mailbox and find
> almost $3 of totally spendable money ready and waiting.
But that's not too far from how the government has handled these trust funds--assuming, of course, that the government was supposed to have sent you $3 Billion . . .
The history of mismanagement of these moneys, and the sheer volume of missing records (they don't know how much they're supposed to have had, who it belongs to, etc.) is shocking, even by banana republic standards. The existence of this case should have scared off Norton from *taking* the job as interior secretary . . .
Add to that that the first rule of litigation is, "don't piss off the judge." They've done that in spades. And if you *are* going to piss off a judge with misconduct and feigned ignorance, this is the *last* judge in the United States to do that to . . .
hawk, esq.